Thanks

1.

Client has the IP Address as IP: 192.168.1.50 SM: 255.255.255.0 GW: 192.168.1.2 (Which is Vlan 1 IP Address in Cisco 1811 Router)

2.

Exactly HQ does not have route back to subnet of Remote

HQ :

AL-AYUNI-OLAYA#sh ip route

Gateway of last resort is not set

B 50.0.0.0/8 [20/0] via 84.235.77.85, 05:38:35

84.0.0.0/30 is subnetted, 4 subnets

B 84.235.67.208 [20/0] via 84.235.77.85, 04:44:56

B 84.235.88.160 [20/0] via 84.235.77.85, 22:29:12

C 84.235.77.84 is directly connected, Serial0/0/0.104

B 84.235.83.68 [20/0] via 84.235.77.85, 5w1d

C 20.0.0.0/8 is directly connected, GigabitEthernet0/0

172.31.0.0/30 is subnetted, 1 subnets

B 172.31.2.152 [20/0] via 84.235.77.85, 2w2d

AL-AYUNI-OLAYA#

REMOTE :

AL-AYUNI-HAIRE#sh ip route

Gateway of last resort is not set

B 50.0.0.0/8 [20/0] via 172.31.2.153, 05:32:45 ---------------- Another Branch Office

84.0.0.0/30 is subnetted, 4 subnets

B 84.235.67.208 [20/0] via 172.31.2.153, 04:39:33

B 84.235.88.160 [20/0] via 172.31.2.153, 22:23:49

B 84.235.77.84 [20/0] via 172.31.2.153, 1d19h

B 84.235.83.68 [20/0] via 172.31.2.153, 1d19h

B 20.0.0.0/8 [20/0] via 172.31.2.153, 1d19h ---------------------- Head Office

172.31.0.0/30 is subnetted, 1 subnets

C 172.31.2.152 is directly connected, FastEthernet0.3429

C 192.168.1.0/24 is directly connected, Vlan1

AL-AYUNI-HAIRE#

3.

When I Try to Ping using Extended Ping as you specify...

AL-AYUNI-HAIRE#ping 20.0.0.10 source vlan 1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.0.0.10, timeout is 2 seconds:

Packet sent with a source address of 192.168.1.2

.....

Success rate is 0 percent (0/5)

4. Exactly its IP VPN using MPLS Clouds. I don't know about to check MTU & Frame Size issue...

Please explain this further

Thanks in advance

Abdul

If you have determined that the problem is that HQ does not have a route to the remote network then there is not much need to discuss MTU and frame size since the problem is obviously a routing issue not a fragmentation issue.

Without seeing details from the configs it is difficult to know exactly what the problem is, but it is evident that the remote is not advertising its network to HQ. I do not know whether there is not a network statement for the 192.168.1.0 network, or whether there is outbound route filtering on the remote or whether there is inbound route filtering at HQ. But for some reason the network from the remote is not getting into the routing table at HQ. And until it does get into the routing table at HQ the clients at the remote will not be able to access the server at HQ.

HTH

Rick

Rick

Thanks for your Support.

Im enclosing the Running Config @ HQ & Remote Location.

Running Config in HQ :-----------HQ---------

AL-AYUNI-OLAYA#sh run

Building configuration...

Current configuration : 4121 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname AL-AYUNI-OLAYA

!

boot-start-marker

boot system flash c2800nm-advipservicesk9-mz.124-7a.bin

boot-end-marker

!

logging buffered 51200 warnings

enable secret 5 $1$HmWK$KkbkSpGuJ4WcVpaEI1hA3.

!

no aaa new-model

!

resource policy

!

ip cef

!

ip domain name yourdomain.com

!

voice-card 0

no dspfarm

!

!

username abdul privilege 15 secret 5 $1$OPedl$smM/VjMP4A/cCfIFr/CGf/

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

ip address 20.0.0.1 255.0.0.0

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

encapsulation frame-relay IETF

frame-relay lmi-type ansi

!

interface Serial0/0/0.104 point-to-point

ip address 84.235.77.86 255.255.255.252

frame-relay interface-dlci 104

!

interface Serial0/0/1

no ip address

shutdown

clock rate 2000000

!

interface XTagATM0

no ip address

!

router bgp 64659

no synchronization

bgp log-neighbor-changes

redistribute connected

neighbor 84.235.77.85 remote-as 65000

no auto-summary

!

control-plane

!

!

line con 0

login local

line aux 0

line vty 0

privilege level 15

password abdulvty

login

transport input telnet

line vty 1 4

privilege level 15

no login

transport input telnet

!

scheduler allocate 20000 1000

!

end

AL-AYUNI-OLAYA#

Running Config in REMOTE :--------REMOTE------

AL-AYUNI-HAIRE#sh run

Building configuration...

Current configuration : 3201 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname AL-AYUNI-HAIRE

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$2bj.$5ejOc1TZt9XfYCR8v6mPlt.

!

no aaa new-model

!

resource policy

!

!

!

ip cef

!

username abdul privilege 15 password 0 asdf

!

interface FastEthernet0

no ip address

duplex auto

speed auto

!

interface FastEthernet0.3429

description FastEthernet 0.3429 dot1q vlan id=3429. By VPNSC: Job Id#=8134

encapsulation dot1Q 3429

ip address 172.31.2.154 255.255.255.252

ip nat outside

ip virtual-reassembly

no snmp trap link-status

!

interface FastEthernet1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface FastEthernet5

!

interface FastEthernet6

!

interface FastEthernet7

!

interface FastEthernet8

!

interface FastEthernet9

!

interface Vlan1

ip address 192.168.1.2 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Async1

no ip address

encapsulation slip

!

router bgp 64659

no synchronization

bgp log-neighbor-changes

neighbor 172.31.2.153 remote-as 65000

no auto-summary

!

!

control-plane

!

!

line con 0

line 1

modem InOut

stopbits 1

speed 115200

flowcontrol hardware

line aux 0

line vty 0 4

password abdul

login

!

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end

AL-AYUNI-HAIRE#

Hope this will resolve my issues..

Abdul

Abdul

Thanks for posting the configs. When I first looked I thought that I had found the problem when I noted that the remote router is running BGP but is not advertising its local network. But when I looked more closely I believe that the real issue is something else. I note that the outbound interface FastEthernet0.3429 is configured with nat outside and that VLAN 1 is configured with nat inside. But I do not see any other nat configuration. If you will add the configuration to translate the VLAN 1 addresses using overload on the FastEthernet0.3429, then HQ will have a path to the remote subnet.

HTH

Rick

Rick

Sorry for belated reply.

I have added these two statments...

ip nat inside source list 1 interface FastEthernet0.3429 overload

access-list 1 permit 192.168.1.0 0.0.0.255

After this Client can access Server in HQ.

But Still HQ Router doesnt have the path to remote subnet.

How we can resolve this issue

Abdul

I am glad to know that my suggestion was effective in allowing the clients at the remote to access the server at HQ.

For solving the issue of HQ initiating traffic to the remote there are several alternatives that could work. Choosing which one is best would depend on knowing more about the design and setup of your network.

First lets be sure that we understand what is happening now: you are using dynamic translation with overload, which is generally called PAT (for Port Address Translation). In dynamic PAT when an end station initiates traffic to HQ the router generates an entry in the translation table which allows traffic from HQ to the end station to be correctly translated and delivered to the correct host. But if HQ initiates traffic there is not an entry in the translation table and therefore traffic from HQ can not be translated and delivered to the end station at the remote.

So one solution would be to configure some kind of static translation so that end stations would always have an entry in the translation table and HQ would be able to initiate traffic to them.

Another alternative would be to put a network statement under router bgp at the remote to advertise the LAN network through BGP to HQ. This would make all the end stations reachable without requiring any translation.

Perhaps looking at the other remote offices could show how they solve this issue and help choose the most appropriate alternative for this office.

HTH

Rick

I would like to thanks Rick and Slider.

I have tried Method 2. Working excellent.

Thanks for your Support.

Abdul.